Doubly WordPress Plugin PHP Object Injection Vulnerability

Vulnerability

A PHP Object Injection vulnerability has been identified in the Doubly – Cross Domain Copy Paste for WordPress plugin, affecting all versions up to and including 1.0.46. The plugin deserializes untrusted input taken from the content.txt file inside uploaded ZIP archives, which allows authenticated attackers with Subscriber-level access and above to inject a PHP object. Exploitation depends on the presence of a PHP Object Injection (POP) chain on the site; where one exists, it could lead to arbitrary code execution, file deletion, unauthorized data access, or other actions depending on the available gadgets. Subscribers can exploit the vulnerability only when administrators have explicitly permitted such access.

Impact

Exploitation of this vulnerability allows for PHP Object Injection, which could be leveraged to execute arbitrary code, delete files, access sensitive information, or perform other actions based on the available gadgets in the PHP Object Injection chain.

Reproduction

To reproduce this vulnerability, upload a ZIP file whose content.txt file contains a crafted serialized PHP object. The WordPress site must have the Doubly plugin installed, and the ZIP file must be imported through the plugin's import feature. The vulnerability can only be exploited by users with Subscriber-level access or higher, and administrators must have enabled this access for subscribers.

Remediation

No patch is currently available for this vulnerability. Users are advised to uninstall the affected plugin and seek a replacement.
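
For sites that still hold import archives, the following triage check is an added example (not part of the advisory and not the plugin's code): it flags ZIP files whose content.txt carries serialized PHP object markers. It assumes content.txt holds raw PHP serialize() output, as the description above implies; the function names, the size cap and the sample archives are constructed for illustration.

```python
import io
import re
import zipfile

# PHP serialize() writes objects as O:<len>:"<class>":<count>:{ (C: for classes
# using the Serializable interface). Arrays, strings and numbers never use them.
OBJECT_MARKER = re.compile(rb'(?:^|[;{])[OC]:(\d+):"([^"]{1,255})":\d+:\{')
MAX_BYTES = 5 * 1024 * 1024  # assumption: inspect at most 5 MiB per file


def find_serialized_objects(zip_bytes, member="content.txt"):
    """Return sorted class names of PHP objects serialized in `member` files."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            # Assumption: content.txt may sit at any depth inside the archive.
            if info.filename.rsplit("/", 1)[-1].lower() != member:
                continue
            with archive.open(info) as handle:
                data = handle.read(MAX_BYTES)
            for length, name in OBJECT_MARKER.findall(data):
                # Keep only tokens whose declared length matches the class name
                if int(length) == len(name):
                    found.add(name.decode("utf-8", "replace"))
    return sorted(found)


def build_sample_zip(content):
    """Build a constructed test archive holding one content.txt file."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("export/content.txt", content)
    return buffer.getvalue()


# Constructed samples: plain array data, and the same data with an embedded
# object of PHP's built-in, harmless stdClass.
PLAIN = b'a:1:{s:5:"title";s:4:"Post";}'
WITH_OBJECT = b'a:2:{s:5:"title";s:4:"Post";s:4:"meta";O:8:"stdClass":1:{s:1:"a";i:1;}}'

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("with object", WITH_OBJECT)):
        print(label, find_serialized_objects(build_sample_zip(sample)))
```

A match is a reason to review the archive and the account that uploaded it, not proof of exploitation; a string value that happens to contain an object-like token is flagged as well.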

Added: Dec 13, 2025, 4:55 PM
Updated: Dec 13, 2025, 4:55 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.3
remediation: 0.0
relevance: 1.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.